With the first rumblings of Meltdown and Spectre malware appearing, it's time to patch our systems against these CPU vulnerabilities. We know these patches will slow our systems down, but, for Linux at least, these slowdowns may not be as bad as we first feared they would be.
Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch, said he's seen one report of a "Linux user benchmarking recent kernel versions on a specific network-heavy load," which showed that, without Linux's anti-Meltdown Kernel Page Table Isolation (KPTI) patches, the latest-released Linux kernel, 4.15, is 7- to 9-percent faster than the 4.11 release of April 30, 2017.
That's the good news. The bad news is that, with KPTI, 4.14 is 1- to 2-percent slower than 4.11. Still, as Kroah-Hartman pointed out, "So, overall, we are right back where we started from. Which makes me feel good, the recent Meltdown changes turn out to not really be much of a problem overall."
Of course, while "those developers who worked so hard to get that 7-9 percent increase over the past year might not be all happy," he added, "this should help put to rest the gloom-and-doom reports that various articles are reporting lately."
Meanwhile, at Phoronix, a site that specializes in Linux benchmarking, Michael Larabel, its primary author and benchmark developer, has found -- in a recent test of Linux kernels from Linux 4.0 to 4.15 -- that, while there are "some slowdowns when using the Linux 4.15 kernel ... at least in several of the real-world benchmarks, the performance out of Linux 4.15 is fortunately not at the lowest levels we've seen with benchmarking these kernel releases of the past three years."
Kroah-Hartman concluded [sic], "But if you are stuck at an old kernel version (i.e. 3.10.y, 4.4.y, or 4.9.y or whatever your distro is camping on for the next decade), that's a totally different story. Go forth and benchmark! Then go update to a newer kernel version, odds are it will be a good improvement."
And, I'll add that, with the potential for real Meltdown and Spectre attacks out there, no matter how much performance you might lose, it's time to patch your Linux systems. Now, if only Intel would clean up its troublesome chip patches, we'd all be a lot safer.